I get listing:

-rw-r--r-- 1 10xxxx 500 659 Jul 27 20:14 .htaccess
-rw-r--r-- 1 10xxxx 500 1347 Jul 27 20:13 CHANGELOG
drwxr-xr-x 13 10xxxx 500 4096 Jul 27 19:24 folder1

if I owner, is 500 my group ("users") or nobody-group (owned by apache)?

which permissions should I set to make php files writable by apache??

if 500 = users, then 707 ?
if 500 = apache_group , then 770 ?


the problem arisen as I set up default CMS and images folder has 707 permissions and I cannot see any pictures. I have change to 777, now it works, but I need set right permissions

thanks

Chmod to 755 never Chmod anything here at PowWeb to 777 or 666

ok, thanks
this means php scripts are working with my right, not apache? is powweb using cgi php, not mod_php ?

and what is group with guid 500? apache or nobody?

thanks

Powweb has php available on all servers

500 is -r-x------ no group access only read and execute for owner

this is the answer on my question:
http://forum.powweb.com/showthread.php?t=37893
http://forum.powweb.com/showthread.php?t=1104
... PowWeb uses the CGI version of PHP rather than the module ...

the php scripts run with owner rights

but can somebody tell me what group has guid = 500 ?

thanks

my mambo works with
500 or 600 for all files and 610 or 710 for folders

Okay. I get it... he's talking about "500" being the numerical designation of the GROUP (GID); not the hexadecimal permissions code. I, too, am wondering what 500 means, as I'm having permissions errors. I mis-posted this thread (http://forum.powweb.com/showthread.php?t=39508) in the CGI forum, but I suspect I'm getting a "403 Forbidden" error because of permissions.

500 is a "users" group, which is same thing as "nobody", I guess.
But maybe better looking. ;)

GID = 500 is "customer" group:
total 24
-rw-r--r-- 1 XXX customer 63 Jul 28 10:13 system.php

to check make file system.php with content:
<pre>
<? system("/bin/ls -l"); ?>

but system command run with another then my uid,
(suexec ? )

but why I should do chmod 610 for folders to be readable by apache?
if apache running as nobody/www/wwwuser/apache then I should do chmod 601 to make files readable for httpd. Or apache deamon is member of customer group?

is it possible if somebody provide output from ps -aux , ps -agx, ls -la, ...
I hope powweb dont need to have "security by obscure" but should explain security to avoid "easy hacking"

many thanks

500 is a "users" group, which is same thing as "nobody",

definitely not the same :-)

Sorry, it was" customer", not "users".
I think PowWeb named 500 as "customer" in place of "nobody",
probably just because it sounds better.
But basically, it's same thing.

As all members are in that (nobody) group, the permission of 640 (for file),
and 710 (for directory) is enough for Apache (nobody) to get a file.